lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 23 May 2023 17:52:30 +0800
From: Vladimir Nikishkin <vladimir@...ishkin.pw>
To: Andrea Claudi <aclaudi@...hat.com>
Cc: Stephen Hemminger <stephen@...workplumber.org>, Ido Schimmel
 <idosch@...sch.org>, dsahern@...il.com, netdev@...r.kernel.org,
 davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org,
 pabeni@...hat.com, eng.alaamohamedsoliman.am@...il.com, gnault@...hat.com,
 razor@...ckwall.org, idosch@...dia.com, liuhangbin@...il.com,
 eyal.birger@...il.com, jtoppins@...hat.com
Subject: Re: [PATCH iproute2-next v5] ip-link: add support for nolocalbypass
 in vxlan


Andrea Claudi <aclaudi@...hat.com> writes:

> On Mon, May 22, 2023 at 08:32:16AM -0700, Stephen Hemminger wrote:
>> On Mon, 22 May 2023 09:15:34 +0300
>> Ido Schimmel <idosch@...sch.org> wrote:
>> 
>> > On Sun, May 21, 2023 at 12:47:41PM -0700, Stephen Hemminger wrote:
>> > > On Sun, 21 May 2023 22:23:25 +0300
>> > > Ido Schimmel <idosch@...sch.org> wrote:
>> > >   
>> > > > +       if (tb[IFLA_VXLAN_LOCALBYPASS])
>> > > > +               print_bool(PRINT_ANY, "localbypass", "localbypass ",
>> > > > +                          rta_getattr_u8(tb[IFLA_VXLAN_LOCALBYPASS]))  
>> > > 
>> > > That will not work for non json case.  It will print localbypass whether it is set or not.
>> > > The third argument is a format string used in the print routine.  
>> > 
>> > Yea, replied too late...
>> > 
>> > Anyway, my main problem is with the JSON output. Looking at other
>> > boolean VXLAN options, we have at least 3 different formats:
>> > 
>> > 1. Only print when "true" for both JSON and non-JSON output. Used for
>> > "external", "vnifilter", "proxy", "rsc", "l2miss", "l3miss",
>> > "remcsum_tx", "remcsum_rx".
>> > 
>> > 2. Print when both "true" and "false" for both JSON and non-JSON output.
>> > Used for "udp_csum", "udp_zero_csum6_tx", "udp_zero_csum6_rx".
>> > 
>> > 3. Print JSON when both "true" and "false" and non-JSON only when
>> > "false". Used for "learning".
>> > 
>> > I don't think we should be adding another format. We need to decide:
>> > 
>> > 1. What is the canonical format going forward?
>> > 
>> > 2. Do we change the format of existing options?
>> > 
>> > My preference is:
>> > 
>> > 1. Format 2. Can be implemented in a common helper used for all VXLAN
>> > options.
>> > 
>> > 2. Yes. It makes all the boolean options consistent and avoids future
>> > discussions such as this where a random option is used for a new option.
>> 
>> A fourth option is to us print_null(). The term null is confusing and people
>> seem to avoid it.  But it is often used by python programmers as way to represent
>> options. That would be my preferred option but others seem to disagree.
>> 
>> Option #2 is no good. Any printing of true/false in non-JSON output is a diveregence
>> from the most common practice across iproute2.
>> 
>> That leaves #3 as the correct and best output.
>> 
>> FYI - The iproute2 maintainers are David Ahern and me. The kernel bits have
>> other subsystem maintainers.
>> 
>
> Just to make sure I understand correctly, this means we are printing
> "nolocalbypass" in non-JSON output because it's the non-default
> settings, right?
>
> If this is correct, then if we have another option in the future that
> comes disabled by default, this means we are going to print it in
> non-JSON output when enabled.
>
> As the primary consumer of non-JSON output are humans, I am a bit
> concerned since a succession of enabled/noenabled options is awkward and
> difficult to read, in my opinion.
>
> Wouldn't it be better to have non-JSON print out options only when
> enabled, regardless of their default value?

Sorry, what is "enabled" and what is "disabled by default"?
I think this is a major source of confusion.

If the option is "nolocalbypass", it is "disabled by default".
If the option is "localbypass", it is "enabled by default".

Intuitively, it seems that everything that is "default" should be
considered disabled, hence the actual option is "nolocalbypass", an by
default it is disabled, and hence not printed. Its opposite requires
explicitly adding a command-line parameter, and hence the "enabled"
state is "nolocalbypass". I think this is the logic that Stephen is
proposing.


-- 
Your sincerely,
Vladimir Nikishkin (MiEr, lockywolf)
(Laptop)
--
Fastmail.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ